CVE-2020-16154Improper Verification of Cryptographic Signature in Cpanminus

CWE-347Improper Verification of Cryptographic Signature6 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 92.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian CpanminusFedoraproject Fedora
Timeline
PublishedDec 13
Latest updateFeb 10

Description

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

debiandebian/cpanminus< cpanminus 1.7045-1 (bookworm)

Also affects: Fedora 35

🔴Vulnerability Details

2
GHSA
GHSA-m92x-373g-xc36: The App::cpanminus package 12022-02-10
OSV
CVE-2020-16154: The App::cpanminus package 12021-12-13

📋Vendor Advisories

3
Ubuntu
App::cpanminus vulnerability2022-01-24
Red Hat
perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files2021-11-23
Debian
CVE-2020-16154: cpanminus - The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.2020